views.py
class UserList(generics.ListCreateAPIView):
queryset = User.objects.all()
model = User
serializer_class = UserSerializer
paginate_by = 10
def get_queryset(self):
queryset = User.objects.all()
search_query = self.request.query_params.get('user', None)
if search_query is not None:
queryset = queryset.filter(name__istartswith=search_query)
queryset = queryset.order_by('name')
return queryset
class UserDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = User.objects.all()
model = User
serializer_class = UserSerializer
models.py
class UserRole(models.Model):
class Meta:
ordering = ["name"]
db_table = 'userrole'
name = models.CharField(max_length=50)
status = models.CharField(max_length=100)
class User(models.Model):
class Meta:
ordering = ["name"]
db_table = 'user'
name = models.CharField(max_length=100)
email = models.EmailField(unique=True, max_length=100)
password = models.CharField(max_length=100)
status = models.CharField(max_length=100, default='active')
roleid = models.ForeignKey(UserRole, on_delete=models.CASCADE,
default=None, blank=True, db_column='roleid')
createdby = models.CharField(max_length=100, blank=True, default="")
createdon = models.DateTimeField(blank=True, auto_now_add=True)
updatedon = models.DateTimeField(blank=True, auto_now=True)
Serializers.py
class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
class UserRoleSerializer(serializers.ModelSerializer):
class Meta:
model = UserRole
我已经使用了Django-rest文档,但无法找到实现自定义创建用户的身份验证和权限的参考。
请告知。
答案 0 :(得分:1)
检查Django文档以查找User authentication in Django和Permissions in Django Rest Framework。
以下是自定义BaseUser和BaseUserManager的示例模型结构。
from django.conf import settings
from django.contrib.auth.models import BaseUserManager, AbstractBaseUser, PermissionsMixin
from django.template.defaultfilters import slugify
User = settings.AUTH_USER_MODEL
class BaseUserManager(BaseUserManager):
def create_user(self, useremail, display_name, password=None):
if not useremail:
raise ValueError('Users must have an email address')
now = timezone.now()
user = self.model(useremail=BaseUserManager.normalize_email(useremail))
user.display_name = display_name
user.email = useremail
user.profile_slug = getUniqueValue(BaseUser,slugify(useremail.split("@")[0]),field_name="profile_slug")
user.set_password(password)
user.status='A'
user.last_login = user.date_joined = now
user.save(using=self._db)
return user
def create_superuser(self, useremail, display_name, password):
user = self.create_user(useremail=useremail,
display_name=display_name, password=password)
user.email = useremail
user.display_name = display_name
user.is_superuser = True
user.is_staff = True
user.status='A'
user.save(using=self._db)
return user
class BaseUser(AbstractBaseUser, PermissionsMixin):
display_name = models.CharField(max_length=25)
profile_slug = models.CharField(max_length=25,null=True)
gender = models.CharField(max_length=1, blank=True, choices=Gender)
useremail = models.EmailField(unique=True)
is_staff = models.BooleanField(default=False)
user_status = models.CharField(max_length=1, default='A')
USERNAME_FIELD = 'useremail'
REQUIRED_FIELDS = ['display_name']
objects = BaseUserManager()
def __unicode__(self):
return self.display_name
在 permission.py 中,您可以将权限定义为:
from rest_framework import permissions
class CheckPermission(permissions.BasePermission):
def has_permission(self, request, view):
try:
# some code
return True
except:
return False